Announcements

Today, we are releasing XenForo 1.4.8. This release addresses two potential security vulnerabilities and fixes a number of bugs found since the release of 1.4.7. We recommend that all customers running XenForo 1.4 upgrade to 1.4.8 or use the attached patch file as soon as possible.The two security issues are XSS vulnerabilities. XSS (Cross Site Scripting) issues allow scripts and malicious HTML to be injected into the page, potentially allowing data theft or unauthenticated access.In the notices system, the name token was not escaped as expected. This could allow specially crafted requests to trigger an XSS for guests (or for a registered user to trigger an XSS on themselves). In the filter list system in the admin control panel...

Today, we are releasing XenForo 1.3.7 to address two potential security vulnerabilities. We recommend that all customers running XenForo 1.3 upgrade to 1.3.7 or use the attached patch file as soon as possible.The two issues are XSS vulnerabilities. XSS (Cross Site Scripting) issues allow scripts and malicious HTML to be injected into the page, potentially allowing data theft or unauthenticated access.In the notices system, the name token was not escaped as expected. This could allow specially crafted requests to trigger an XSS for guests (or for a registered user to trigger an XSS on themselves). In the filter list system in the admin control panel, dynamic highlighting when filtering did not escape output properly, potentially...

Today, we are releasing XenForo 1.2.8 to address two potential security vulnerabilities. We recommend that all customers running XenForo 1.2 or earlier upgrade to 1.2.8 or use the attached patch file as soon as possible.The two issues are XSS vulnerabilities. XSS (Cross Site Scripting) issues allow scripts and malicious HTML to be injected into the page, potentially allowing data theft or unauthenticated access.In the notices system, the name token was not escaped as expected. This could allow specially crafted requests to trigger an XSS for guests (or for a registered user to trigger an XSS on themselves). In the filter list system in the admin control panel, dynamic highlighting when filtering did not escape output properly...

XenForo Media Gallery 1.0.6 is a maintenance release for our media gallery add-on. We recommend all customers running XenForo Media Gallery to upgrade to 1.0.6 to benefit from increased stability.This release fixes several bugs that were reported following the release of XenForo Media Gallery 1.0.5:Provide more detailed error messages when trying to access deleted gallery content. Display a suitable error if content has no valid IP addresses logged. Ensure guests can view category based media and other media they have permission to see in New Media. Catch various exceptions that could be thrown when rebuilding watermarks on images. Restrict imported media titles to the max length set in Gallery Options. Fetch thumbnails for YouTube...

XenForo Media Gallery 1.0.5 is a maintenance release for our media gallery add-on. We recommend all customers running XenForo Media Gallery to upgrade to 1.0.5 to benefit from increased stability.This release fixes several bugs that were reported following the release of XenForo Media Gallery 1.0.4:Improved caching of permission based template params in templates. Some small fixes and improvements to inline moderation including the display of the "Selected Items" on all relevant pages. No longer show banned users in various blocks, such as Recent Comments, Top Contributors and Recent Albums. Highlight the correct "order" tabs when viewing albums shared with you Changes to no longer count media in various places that are located in...

Today, we are pleased to release XenForo 1.4.7. This release fixes a number of bugs and issues that were found since the release of 1.4.6. As this is a maintenance release, the vast majority of the focus was an increase in stability.Please note that we are now formally recommending that you upgrade to PHP 5.4 or newer. Our intention with XenForo 2.0 is to require PHP 5.4 or newer. If you are running PHP 5.3 or 5.2, you will receive a warning when installing or upgrading XenForo.Some of the bugs fixed in 1.4.7 include:Prevent double inclusion of the Facebook JavaScript files in certain cases. Add default support for the new Facebook video URL format. When upgrading an add-on, maintain the active state for existing BB codes. Fixed a...

Today, we are pleased to release XenForo 1.4.6. This release fixes a number of bugs and issues that were found since the release of 1.4.5. As this is a maintenance release, the vast majority of the focus was an increase in stability.However, we have improved our login brute force mitigation system to not only limit login attempts per user but to also place temporary blocks on entire IP addresses if they fail to login too many times.This release also brings our use of the Facebook Open Graph API up to version 2.0. Although you will not see any noticeable difference, it does ensure that the Facebook integration will continue to work after they officially end support for version 1.x of the API. In addition to this mostly...